Aggregate signatures provide bandwidth-saving aggregation of ordinary signatures. The authors present the first unrestricted instantiation in the standard model; moreover, their construction yields a multi-signature scheme where a single message is signed by a number of signers. Their second result is an application to verifiably encrypted signatures. There, signers encrypt their signature under the public key of a trusted third party and output a proof that the signature is inside. Upon dispute between signer and verifier, the trusted third party is able to recover the signature. These schemes are provably secure in the standard model.